US9917858B2 · Active · Utility

Honey user

Assignee: RAPID7 INC
Priority: Apr 1, 2015 · Filed: Apr 1, 2015 · Granted: Mar 13, 2018
Est. expiry: Apr 1, 2035 (~8.7 yrs left) · nominal 20-yr term from priority
Inventors: HATHAWAY MATTHEW ROBERT; ADAMS SAMUEL; KELLY JONATHAN
H04L 63/10, H04L 67/1097, H04L 63/1433, H04L 67/02, H04L 67/22, H04L 63/1441, H04L 67/306, H04L 63/1416, H04L 63/08, H04L 67/535, H04L 63/1425
PatentIndex Score: 81 · Cited by: 12 · References: 17 · Claims: 20

Abstract

Systems and methods of managing the security of a networked environment based on activity associated with deployed pseudo-accounts are presented. In one embodiment, a plurality of pseudo-accounts are deployed in one or more networks, domains, or virtual machines and activity associated with the pseudo-accounts is collected to identify security risks to facilitate remediation and mitigation.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A system for monitoring a secure environment, the system comprising:
   a first database module comprising account information specifying one or more accounts;
   a first processing module configured to generate pseudo-account credentials that are not and will not be assigned to an account associated with an authorized user and insert the pseudo-account credentials into the first database module; and
   a second processing module configured to detect in real time activity in the secure environment associated with one or more pseudo-account credentials.

2. The system according to claim 1, wherein the account information comprises authentication credentials.

3. The system according to claim 2, wherein the authentication credentials comprise a user ID and a password.

4. The system according to claim 1, wherein the pseudo-account credentials comprises one or more of a pseudonym, pseudo-address, and pseudo-demographic information.

5. The system according to claim 1, wherein the first processing module is further configured to present a user interface operable to receive information related to the one or more pseudo-account credentials.

6. The system according to claim 1, wherein the first processing module is further configured to add information about the one or more pseudo-account credentials to a database of monitored accounts.

7. A system for monitoring a secure environment, the system comprising:
   a first processing module configured to log the activity of a plurality of user accounts in the secure environment;
   a second processing module configured to store on a computer readable medium information about the activity of the plurality of accounts;
   a third processing module configured to search the stored activity information for pseudo-account credentials that are not and will not be assigned to an account associated with an authorized user; and
   a fourth processing module configured to detect in real-time activity associated with one or more pseudo-account credentials among the stored activity information.

8. The system according to claim 7, wherein the fourth processing module is configured to generate and store a report based on the detection of the activity of one or more pseudo-account credentials.

9. The system according to claim 7, wherein the activity information comprises records of authentication attempts.

10. The system according to claim 7, wherein the activity information comprises changes to information related to the plurality of user accounts.

11. The system according to claim 10, wherein the information related to the plurality of user accounts comprises one or more of profile information and privilege settings.

12. The system according to claim 7, wherein the fourth processing module is configured to indicate that it failed to detect activity of one or more pseudo-account credentials among the stored activity information.

13. The system according to claim 7, wherein the secure environment is a networked collection of computing devices.

14. The system according to claim 7, wherein the secure environment is a domain.

15. The system according to claim 7, wherein the secure environment is a computer system having different privilege levels.

16. A computer implemented method for monitoring a secure environment, the method comprising:
   logging activity of a plurality of user accounts in the secure environment using a first processing module;
   storing on a computer readable medium information about the activity of the plurality of accounts using a second processing module;
   searching in real time the stored activity information, using a third processing module, for activity associated with one or more pseudo-account credentials that are not and will not be assigned to an account associated with an authorized user; and
   generating and storing one or more reports based on the detection of activity associated with one or more pseudo-account credentials using a fourth processing module.

17. The method according to claim 16, further comprising identifying at least one of the plurality of user accounts using a device database associating a plurality of device labels with user information and an authentication record.

18. The method according to claim 17, wherein the device label is a domain name or an internet protocol address.

19. The method according to claim 17, wherein the device database is updated upon a dynamic host configuration protocol lease renewal, a virtual private network internet protocol address assignment, or both.

20. The system according to claim 17, wherein the authentication record is an active directory log.
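
Added example (not part of the patent text and not Rapid7 code): a minimal sketch of the flow in claims 16 to 19, searching stored authentication records for honey-user credentials and attributing each hit to a device through a lease-updated device database. The account names, IP addresses, hostnames, record layout and function names are all constructed assumptions.

```python
from bisect import bisect_right
from datetime import datetime

# Hypothetical pseudo-accounts: never assigned to a real user, so any use is suspect.
HONEY_USERS = {"svc_backup_old", "jdoe_admin"}

# Constructed DHCP lease events: (lease start, ip, hostname, owner).
LEASES = [
    ("2015-04-01T08:00:00", "10.0.4.17", "wks-114", "alice"),
    ("2015-04-01T12:30:00", "10.0.4.17", "lap-207", "bob"),
    ("2015-04-01T09:00:00", "10.0.4.23", "wks-031", "carol"),
]

# Constructed authentication records: (time, username, source ip, result).
AUTH_LOG = [
    ("2015-04-01T09:15:02", "alice", "10.0.4.17", "success"),
    ("2015-04-01T13:02:44", "svc_backup_old", "10.0.4.17", "failure"),
    ("2015-04-01T13:02:51", "jdoe_admin", "10.0.4.99", "failure"),
    ("2015-04-01T13:05:10", "carol", "10.0.4.23", "success"),
]

def build_device_db(leases):
    """Index leases per IP, sorted by start time, so lookups are time-aware."""
    db = {}
    for start, ip, host, owner in sorted(leases):
        db.setdefault(ip, []).append((datetime.fromisoformat(start), host, owner))
    return db

def device_at(db, ip, when):
    """Return (hostname, owner) holding `ip` at `when`, or None if unknown."""
    history = db.get(ip, [])
    i = bisect_right([t for t, _, _ in history], when)
    return history[i - 1][1:] if i else None

def honey_report(auth_log, honey_users, db):
    """Report every record that uses a honey credential, with device attribution."""
    hits = []
    for ts, user, ip, result in auth_log:
        if user.lower() in honey_users:
            when = datetime.fromisoformat(ts)
            hits.append({"time": ts, "honey_user": user, "source_ip": ip,
                         "result": result, "device": device_at(db, ip, when)})
    return {"status": "activity detected" if hits else "no activity detected",
            "hits": hits}

if __name__ == "__main__":
    for hit in honey_report(AUTH_LOG, HONEY_USERS, build_device_db(LEASES))["hits"]:
        print(hit)
```

The lookup is time-aware because an IP address can change hands between leases: the same address resolves to a different device depending on when the honey credential was used, and an address with no lease history is reported with no device.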

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.